Jump to content

Web Control behind a proxy not showing blocking page for https sites

me myself and i

By me myself and i
in ESET Endpoint Products

 Share

Recommended Posts

me myself and i

me myself and i 0

Posted
  • Author
Posted
11 hours ago, itman said:

My guess is if a transparent proxy was used, there would be no issues with Eset since it would be examining expected port 443 HTTPS traffic.

unfortunately wrong
The proxy runs in explicit mode on a custom port

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,071

Posted
  • Administrators
Posted

In logs we see that the browser received a blocked page but for an unknown reason it reports an error. The case is still being investigated.

Link to comment
Share on other sites
  • ESET Staff
Posolsvetla

Posolsvetla 15

Posted
  • ESET Staff
Posted

This is intended behavior of both Chrome and Firefox.

We serve the blocking page with HTTP/1.0 403 Blocked by ESET Security, as the immediate response to CONNECT blocked.domain.com:443 HTTP/1.1
Such response is blocked by browsers, and therefore not shown, in the case of https for security reasons, see e.g. https://bugs.chromium.org/p/chromium/issues/detail?id=137891

In order to make the browsers show the page we would need to proceed with the tunnel establishment and serve the blocking page only in there. Currently there is no ETA when this change will be done. It would be implemented in Internet protection module and therefore the clients would receive the update automatically.

Link to comment
Share on other sites
me myself and i

me myself and i 0

Posted
  • Author
Posted
9 minutes ago, Posolsvetla said:

This is intended behavior of both Chrome and Firefox.

..and Edge, and Vivaldi...
is there a browser where it works?

 

 

15 minutes ago, Posolsvetla said:

We serve the blocking page with HTTP/1.0 403 Blocked by ESET Security, as the immediate response to CONNECT blocked.domain.com:443 HTTP/1.1
Such response is blocked by browsers, and therefore not shown, in the case of https for security reasons, see e.g. https://bugs.chromium.org/p/chromium/issues/detail?id=137891

In order to make the browsers show the page we would need to proceed with the tunnel establishment and serve the blocking page only in there

if I understand correctly, this does not work anywhere?
are we the only company using ESET and a proxy?

 

Best

Stefan

Link to comment
Share on other sites
  • ESET Staff
Posolsvetla

Posolsvetla 15

Posted
  • ESET Staff
Posted
24 minutes ago, me myself and i said:

is there a browser where it works?

if I understand correctly, this does not work anywhere?

The source code of only Chrome and Firefox was checked. The majority, if not all, of the browsers are expected to behave similarly.

24 minutes ago, me myself and i said:

are we the only company using ESET and a proxy?

Probably not. But as it's been like this for several years already, you are the 1st (AFAIK) to actually care enough to report the issue.

Link to comment
Share on other sites
me myself and i

me myself and i 0

Posted
  • Author
Posted
8 minutes ago, Posolsvetla said:

Probably not. But as it's been like this for several years already, you are the 1st (AFAIK) to actually care enough to report the issue.

wow.... sounds like a bonus for me *smile*
and since it is the second error (see here) there is perhaps a double bonus? *double-smile*
what are the next steps?
Will you inform me when the problem is solved?

Link to comment
Share on other sites
  • ESET Staff
Posolsvetla

Posolsvetla 15

Posted
  • ESET Staff
Posted
9 minutes ago, me myself and i said:

what are the next steps?
Will you inform me when the problem is solved?

We will take care of the issue, but please note it might take some time as there might be more urgent work to be done.

I will sent you a PM when it's released for business users. Please do not expect it to be soon, e.g. the usual release workflow (in cases like this) lasts several weeks.

Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted (edited)

In the Cisco WSA documentation in regards to HTTPS proxy configuration, it is stated that transparent proxy mode was provided in the instance where individual client devices are not configured to use a proxy. It was already stated in this thread that this installation does not configure  individual client devices to use a proxy. As such, I believe setting Cisco WSA HTTPS proxy to transparent mode would be the solution to this issue.

Broadcom has a short article of the difference between explicit and transparent proxies: https://knowledge.broadcom.com/external/article/166958/the-differences-between-explicit-proxy-a.html . The main thing to note in this article is how browsers behave when either proxy is used. So lets look at Firefox's default proxy setting for example:

Firefox_Proxy.thumb.png.f49b66b2816bae4837fdb0975f3595c3.png

It's using Win 10 system proxy settings by default. If a network perimeter appliance explicit proxy was set on my network and this is not set up properly in my Win 10 system settings or defined in FireFox itself, I can see how FireFox could have issues with explicit proxy network traffic.

 

Edited by itman
Link to comment
Share on other sites
  • 3 weeks later...
  • 2 weeks later...
  • 1 month later...
  • 2 years later...
  • ESET Moderators
Peter Randziak

Peter Randziak 1,130

Posted
  • ESET Moderators
Posted

Hello guys,

the feature is implemented in Internet protection module 1457. 
Today (September 27, 2023) it has been released on pre-release update channel, further releases will scheduled later.

Peter

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...